CVE-2025-15251 | beecue FastBee up to 2.1 SIP Message ReqAbstractHandler.java getRootElement xml external entity reference (ID7HNZ)

A vulnerability categorized as problematic has been discovered in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference.

This vulnerability is known as CVE-2025-15251. It is possible to launch the attack remotely. No exploit is available.

The project owner replied to the issue report: “Okay, we’ll handle it as soon as possible.”

CVE-2025-15251 | beecue FastBee up to 2.1 SIP Message ReqAbstractHandler.java getRootElement xml external entity reference (ID7HNZ)

Post correlati

CVE-2023-5650 | Zyxel ATP/USG FLEX/USG FLEX 50/USG20-VPN/VPN Web GUI privileges management

CVE-2023-6884 | Plugin for Google Reviews up to 3.1 on WordPress Shortcode cross site scripting

CVE-2024-0449 | ArtiBot Free Chat Bot Plugin up to 1.1.6 on WordPress cross site scripting

CVE-2024-8756 | Quform Plugin up to 2.20.0 on WordPress information disclosure